AutoSploit: A New Tool for Automatically Hacking Vulnerable IoT Devices

Hacking a system is not always as difficult as it seems. Some amateur hackers use various programs to break into other people’s accounts by leveraging leaked login and password databases, or software designed to streamline the process. Now, another tool has joined the list—AutoSploit, which is designed for the automatic discovery and remote hacking of vulnerable IoT devices on the Internet.

In short, AutoSploit is a package that includes several tools, notably Shodan and the Metasploit framework (a comprehensive environment for writing, testing, and using exploit code).

“Basically, you launch the tool and enter a search query, for example, ‘apache.’ The tool then uses the Shodan API to find computers described as ‘apache’ in Shodan. After that, it loads a list of Metasploit modules and sorts them based on the search query. Once the appropriate modules are selected, they are executed sequentially according to the list of attack targets,” explained AutoSploit’s developer, who goes by the pseudonym Vector.

The release of AutoSploit has sparked a number of critical comments from security experts. For example, researcher Richard Bejtlich believes that it is unwise to publish a mass exploitation tool on accessible platforms where it can easily be found by script kiddies.

In response, Vector stated that such criticism could be directed at anyone who releases open-source tools that could potentially be used for attacks. “Personally, I believe information should be open. I’m a fan of open source, so why not?” he said.

Shodan is a search engine that can be used to find devices connected to the Internet and detailed information about various websites. With Shodan, you can discover which operating system a device is using or find local FTP servers with open anonymous access.